From: kennel@nospam.lyapunov.ucsd.edu (Matt Kennel (Remove 'nospam' to reply))
Subject: Re: Papers on the Ariane-5 crash and Design by Contract
Date: 1997/03/28
Message-ID: #1/1
References: <332B5495.167EB0E7@eiffel.com> <332D113B.4A64@calfp.co.uk> <5gm8a6$2qu$2@news.irisa.fr> <3332BE49.8F9@lmtas.lmco.com> <33330FE5.3F54BC7E@eiffel.com>
Organization: University of California at San Diego
Reply-To: kennel@nospam.lyapunov.ucsd.edu
Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.programming.threads,comp.lang.ada

On 22 Mar 1997 01:45:25 GMT, Jon S Anthony wrote:
:In article <33330FE5.3F54BC7E@eiffel.com> Bertrand Meyer writes:
:
:> > From this we learn that Java and Ada 95 are not properly designed for
:> > Design by Contract.
:>
:> Which is the simple truth. The designers of these languages have
:> explicitly rejected the inclusion of assertions. Why? They are the
:> ones to ask. I am sure they must have their reasons (however
:> unlikely it is I would find these to be good reasons).
:
:It is simply amazing to see you sit there (or type there) and say in
:one breath "Which is the simple truth" and then proceed to make an
:absolutely false statement in the next. In fact, it is extremely
:disappointing and makes you look ridiculous.
:
:Ada _has_ assertions. Their form is not of the same syntactical look
:as Eiffel's. So what? They take the form of constraints, in
:particular (wrt to the case at hand) subtype constraints. They are
:_not_ as flexible or full "featured" as Eiffel's but they are
:certainly there and in the Ariane case, they are every bit as capable
:as Eiffel's.

Of course static type constraints are a form of 'precondition', namely "the object being referred to by this reference, or in this variable is one of these types".

By that measure C++, C, and Pascal, and maybe even Fortran have assertions.

It is often useful and powerful to program in a style in a statically typed language where important information is encoded into types, but this is not a full substitute for Eiffel's additional capabilities.

Whether or not it would have done so in the rocket crash is another story.

Simply not testing the control system with a whole new rocket is an *idiotic* mistake. "Oh, we change the mass, the moment of inertia, the power, and all that, but sure the old control system will work just fine."

At least with the Challenger screwup there was a judgement call involved with a piece of physics not entirely known.

:Jon Anthony
:Organon Motives, Inc.
:Belmont, MA 02178
:617.484.3383
:jsa@organon.com

--
Matthew B. Kennel/Institute for Nonlinear Science, UCSD/
Don't blame me, I voted for Emperor Mollari.